package com.huanxing.cloud.common.security.component;

import com.huanxing.cloud.common.security.exception.Auth2Exception;
import com.huanxing.cloud.common.security.exception.ServerErrorException;
import com.huanxing.cloud.common.security.exception.UnauthorizedException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.DefaultThrowableAnalyzer;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.ClientAuthenticationException;
import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
import org.springframework.security.web.util.ThrowableAnalyzer;

/** 异常处理, 重写oauth 默认实现 @Author lijx @Date 2022/1/27 11:29 */
@Slf4j
public class HuanxingWebResponseExceptionTranslator
    implements WebResponseExceptionTranslator<OAuth2Exception> {
  private ThrowableAnalyzer throwableAnalyzer = new DefaultThrowableAnalyzer();

  @Override
  public ResponseEntity<OAuth2Exception> translate(Exception e) {
    // Try to extract a SpringSecurityException from the stacktrace
    Throwable[] causeChain = throwableAnalyzer.determineCauseChain(e);

    Exception ase =
        (AuthenticationException)
            throwableAnalyzer.getFirstThrowableOfType(AuthenticationException.class, causeChain);
    if (ase != null) {
      return handleOAuth2Exception(new UnauthorizedException(e.getMessage(), e));
    }
    //
    //    ase =
    //        (AccessDeniedException)
    //            throwableAnalyzer.getFirstThrowableOfType(AccessDeniedException.class,
    // causeChain);
    //    if (ase != null) {
    //      return handleOAuth2Exception(new ForbiddenException(ase.getMessage(), ase));
    //    }
    //
    //    ase =
    //        (InvalidGrantException)
    //            throwableAnalyzer.getFirstThrowableOfType(InvalidGrantException.class,
    // causeChain);
    //    if (ase != null) {
    //      return handleOAuth2Exception(new InvalidException(ase.getMessage(), ase));
    //    }
    //
    //    ase =
    //        (HttpRequestMethodNotSupportedException)
    //            throwableAnalyzer.getFirstThrowableOfType(
    //                HttpRequestMethodNotSupportedException.class, causeChain);
    //    if (ase != null) {
    //      return handleOAuth2Exception(new MethodNotAllowedException(ase.getMessage(), ase));
    //    }
    //
    //    ase =
    //        (OAuth2Exception)
    //            throwableAnalyzer.getFirstThrowableOfType(OAuth2Exception.class, causeChain);
    //
    //    if (ase != null) {
    //      return handleOAuth2Exception((OAuth2Exception) ase);
    //    }

    return handleOAuth2Exception(
        new ServerErrorException(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase(), e));
  }

  private ResponseEntity<OAuth2Exception> handleOAuth2Exception(OAuth2Exception e) {

    int status = e.getHttpErrorCode();
    HttpHeaders headers = new HttpHeaders();
    headers.set(HttpHeaders.CACHE_CONTROL, "no-store");
    headers.set(HttpHeaders.PRAGMA, "no-cache");
    if (status == HttpStatus.UNAUTHORIZED.value() || (e instanceof InsufficientScopeException)) {
      headers.set(
          HttpHeaders.WWW_AUTHENTICATE,
          String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, e.getSummary()));
    }

    // 客户端异常直接返回客户端,不然无法解析
    if (e instanceof ClientAuthenticationException) {
      return new ResponseEntity<>(e, headers, HttpStatus.valueOf(status));
    }
    return new ResponseEntity<>(
        new Auth2Exception(e.getMessage(), e.getOAuth2ErrorCode()),
        headers,
        HttpStatus.valueOf(status));
  }
}
